Red Hat Satellite 5 is vulnerable to cross-site scripting (XSS) attacks. A remote attacker can pass malicious input via the parameters in admin/BunchDetail.do and software/packages/NameOverview.do, with the intention of executing arbitrary JavaScript code in the victim's browser.
rhn.redhat.com/errata/RHSA-2016-0590.html
access.redhat.com/errata/RHSA-2016:0590
access.redhat.com/security/cve/CVE-2016-2104
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1181152
bugzilla.redhat.com/show_bug.cgi?id=1305677
bugzilla.redhat.com/show_bug.cgi?id=1313515
bugzilla.redhat.com/show_bug.cgi?id=1313517
bugzilla.redhat.com/show_bug.cgi?id=1320444
bugzilla.redhat.com/show_bug.cgi?id=1320452